#!/bin/bash

echo "=== 本地IP证书查看工具 ==="
echo

# ANSI colour escape sequences; the log_* helpers expand them with `echo -e`.
RED="\033[0;31m"
GREEN="\033[0;32m"
YELLOW="\033[1;33m"
BLUE="\033[0;34m"
PURPLE="\033[0;35m"
CYAN="\033[0;36m"
NC="\033[0m" # reset (no colour)

# Logging helpers
# log_info: print $1 to stdout behind a blue "[INFO]" tag.
# `echo -e` also interprets backslash escapes contained in the message itself.
log_info() {
    local message=$1
    echo -e "${BLUE}[INFO]${NC} ${message}"
}

# log_success: print $1 to stdout behind a green "[SUCCESS]" tag.
log_success() {
    local message=$1
    echo -e "${GREEN}[SUCCESS]${NC} ${message}"
}

# log_warning: print $1 to stdout behind a yellow "[WARNING]" tag.
log_warning() {
    local message=$1
    echo -e "${YELLOW}[WARNING]${NC} ${message}"
}

# log_error: print $1 behind a red "[ERROR]" tag.
# Output goes to stdout, the same stream the other log_* helpers use.
log_error() {
    local message=$1
    echo -e "${RED}[ERROR]${NC} ${message}"
}

# log_highlight: print $1 to stdout behind a purple "[HIGHLIGHT]" tag.
log_highlight() {
    local message=$1
    echo -e "${PURPLE}[HIGHLIGHT]${NC} ${message}"
}

# Print the first IPv4 address reported by ifconfig that is not 127.0.0.1.
# Only lines containing "inet " are considered, and the 127.0.0.1 filter is a
# regex applied to the whole line (its dots match any character).
get_local_ip() {
    ifconfig \
        | awk '/inet / && !/127.0.0.1/ { print $2 }' \
        | head -n 1
}

# Print every IPv4 address reported by ifconfig except 127.0.0.1, one per line.
# Uses the same whole-line filters as get_local_ip, without the first-match cut.
get_all_local_ips() {
    ifconfig \
        | awk '/inet / && !/127.0.0.1/ { print $2 }'
}

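# Collect the local IP information once; the later sections iterate over
# ALL_LOCAL_IPS (one address per line).
LOCAL_IP=$(get_local_ip)
ALL_LOCAL_IPS=$(get_all_local_ips)

log_highlight "当前本地IP地址: $LOCAL_IP"
log_info "所有本地IP地址:"
if [ -z "$ALL_LOCAL_IPS" ]; then
    # Without any address every per-IP check below is silently skipped,
    # so say so explicitly instead of printing an empty bullet.
    log_warning "未检测到本地IP地址"
fi
# `read -r` keeps backslashes literal; blank lines are skipped so an empty
# list never yields a bare "  - " entry.
while IFS= read -r ip; do
    [ -n "$ip" ] || continue
    echo "  - $ip"
done <<< "$ALL_LOCAL_IPS"
echo ""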

# Section 1: show the keychain list via `security list-keychains`
printf '%s\n' "1. 查看钥匙串列表"
log_info "系统钥匙串:"
security list-keychains
echo

# Section 2: certificates in the login keychain.
# Only the first 10 lines matching the alias/label attributes are shown.
printf '%s\n' "2. 查看登录钥匙串中的证书"
log_info "登录钥匙串中的证书:"
security find-certificate -a ~/Library/Keychains/login.keychain-db \
    | grep -E "(alis|labl)" \
    | head -n 10
echo

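# Section 3: SmartInput-related certificates in the login keychain.
# Prints each matching line with 5 lines of context on either side.
echo "3. 查看SmartInput相关证书"
log_info "SmartInput相关证书:"
# -E gives portable alternation (`\|` is not part of POSIX basic regex), and
# the escaped dot stops "192.168" from matching any character in that position,
# e.g. a run of digits inside a hex blob of the certificate dump.
security find-certificate -a ~/Library/Keychains/login.keychain-db \
    | grep -E -i -A 5 -B 5 'smartinput|192\.168'
echo ""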

# Section 4: certificates installed on the system
printf '%s\n' "4. 查看系统安装的证书"
log_highlight "检查系统钥匙串中的证书:"

# System keychain: first 20 alias/label lines
log_info "系统钥匙串中的所有证书:"
security find-certificate -a /Library/Keychains/System.keychain \
    | grep -E "(alis|labl)" \
    | head -n 20
echo

# Login keychain: first 20 alias/label lines
log_info "登录钥匙串中的所有证书:"
security find-certificate -a ~/Library/Keychains/login.keychain-db \
    | grep -E "(alis|labl)" \
    | head -n 20
echo

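# Section 5: look for a certificate named after each local IP in the LOGIN
# keychain. The heading used to say "system keychain" although every lookup
# below reads login.keychain-db; the System keychain is checked in section 6.
echo "5. 检查登录钥匙串中的本地IP证书"
for ip in $ALL_LOCAL_IPS; do
    log_info "检查IP: $ip"
    # First call only tests for existence (output discarded); the second
    # prints the alias, label, issuer and subject lines of the match.
    if security find-certificate -c "$ip" ~/Library/Keychains/login.keychain-db > /dev/null 2>&1; then
        log_success "找到证书: $ip"
        echo "证书详情:"
        security find-certificate -c "$ip" ~/Library/Keychains/login.keychain-db | grep -E "(alis|labl|issu|subj)"
    else
        log_warning "未找到证书: $ip"
    fi
    echo ""
done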

# Section 6: look for a certificate named after each local IP in the System keychain
printf '%s\n' "6. 检查系统钥匙串中的证书"
for ip in $ALL_LOCAL_IPS; do
    log_info "检查系统钥匙串中的IP: $ip"
    # Existence probe first (all output discarded), details only on a hit.
    if ! security find-certificate -c "$ip" /Library/Keychains/System.keychain &> /dev/null; then
        log_warning "系统钥匙串中未找到证书: $ip"
    else
        log_success "系统钥匙串中找到证书: $ip"
        printf '%s\n' "证书详情:"
        security find-certificate -c "$ip" /Library/Keychains/System.keychain \
            | grep -E "(alis|labl|issu|subj)"
    fi
    echo
done

# Section 7: certificates in the System keychain (first 10 alias/label lines)
printf '%s\n' "7. 查看系统钥匙串中的证书"
log_info "系统钥匙串中的证书:"
security find-certificate -a /Library/Keychains/System.keychain \
    | grep -E "(alis|labl)" \
    | head -n 10
echo

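# Section 8: certificate names (alias attribute) per keychain
echo "8. 查看系统证书详细信息"
log_info "系统钥匙串中的证书详细信息:"

# System keychain: list up to 10 alias values.
# The filter matches the literal `"alis"<blob>` attribute rather than the bare
# substring "alis", so a label or subject that merely contains those letters
# is no longer printed as if it were a certificate name.
log_success "找到系统证书:"
security find-certificate -a /Library/Keychains/System.keychain \
    | grep -F '"alis"<blob>' \
    | head -n 10 \
    | while read -r line; do
        # Pull the quoted value out of `"alis"<blob>="..."`; a line that does
        # not have that quoted form passes through sed unchanged.
        cert_name=$(printf '%s\n' "$line" | sed 's/.*"alis"<blob>="\([^"]*\)".*/\1/')
        if [ -n "$cert_name" ] && [ "$cert_name" != "alis" ]; then
            echo "  - $cert_name"
        fi
    done
echo ""

# Login keychain: same listing
log_info "登录钥匙串中的证书详细信息:"
log_success "找到登录钥匙串证书:"
security find-certificate -a ~/Library/Keychains/login.keychain-db \
    | grep -F '"alis"<blob>' \
    | head -n 10 \
    | while read -r line; do
        cert_name=$(printf '%s\n' "$line" | sed 's/.*"alis"<blob>="\([^"]*\)".*/\1/')
        if [ -n "$cert_name" ] && [ "$cert_name" != "alis" ]; then
            echo "  - $cert_name"
        fi
    done
echo ""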

# Section 9: print where the two keychain files live
printf '%s\n' "9. 查看系统证书文件"
log_info "系统证书文件位置:"
printf '%s\n' \
    "系统钥匙串: /Library/Keychains/System.keychain" \
    "登录钥匙串: ~/Library/Keychains/login.keychain-db" \
    ""

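# Section 10: HTTPS connection test against the local service on port 8080

#######################################
# Send a HEAD request to <base URL>/api/auth/test and log the outcome.
# No -k/--insecure is passed, so curl verifies the server certificate; success
# therefore means the TCP connect worked AND curl accepted the certificate.
# The timeouts bound the probe so an unreachable interface address cannot
# stall the script, and the curl exit code is logged so a TLS failure can be
# told apart from a refused connection (e.g. 7 could not connect, 28 timed
# out, 60 certificate verification failed).
# Arguments: $1 - base URL, e.g. https://192.168.1.23:8080
# Outputs:   one log line on stdout
#######################################
probe_https() {
    local base_url=$1
    local rc
    curl -s -I --connect-timeout 3 --max-time 10 "$base_url/api/auth/test" > /dev/null 2>&1
    rc=$?
    if [ "$rc" -eq 0 ]; then
        log_success "连接成功: $base_url"
    else
        log_error "连接失败: $base_url (curl exit code: $rc)"
    fi
}

echo "10. 测试本地IP证书连接"
log_info "测试本地IP HTTPS连接:"
for ip in $ALL_LOCAL_IPS; do
    log_info "测试: https://$ip:8080/api/auth/test"
    probe_https "https://$ip:8080"
done

# Same probe against localhost
log_info "测试localhost连接:"
probe_https "https://localhost:8080"
echo ""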

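# Section 11: certificate trust status
#
# security(1) documents no `find-trust-settings` subcommand, so a check built
# on it fails for every address and reports "not trusted" regardless of the
# real state. Trust is evaluated instead by exporting the certificate as PEM
# and running it through `security verify-cert` with the SSL policy.
# NOTE(review): confirm verify-cert behaviour on the macOS releases in use.

#######################################
# Check whether a certificate passes SSL-policy trust evaluation.
# Arguments: $1 - name to match (passed to `find-certificate -c`)
#            $2 - keychain file the certificate is read from
# Returns:   0 trusted, 1 not found or not trusted,
#            2 temporary file could not be created
#######################################
cert_passes_ssl_trust() {
    local cert_name=$1
    local keychain=$2
    local pem_file
    local status=1
    # Unpredictable temp name; removed again before returning.
    pem_file=$(mktemp "${TMPDIR:-/tmp}/cert-trust.XXXXXX") || return 2
    if security find-certificate -c "$cert_name" -p "$keychain" > "$pem_file" 2> /dev/null; then
        if security verify-cert -c "$pem_file" -p ssl > /dev/null 2>&1; then
            status=0
        fi
    fi
    rm -f -- "$pem_file"
    return "$status"
}

echo "11. 查看证书信任状态"
log_info "本地IP证书信任状态:"
for ip in $ALL_LOCAL_IPS; do
    log_info "检查IP: $ip"
    if cert_passes_ssl_trust "$ip" ~/Library/Keychains/login.keychain-db; then
        log_success "证书已信任: $ip"
    else
        log_warning "证书未信任: $ip"
    fi
done

# Same evaluation for certificates stored in the System keychain.
# The keychain argument only selects where the certificate is read from.
log_info "系统钥匙串中的信任状态:"
for ip in $ALL_LOCAL_IPS; do
    log_info "检查系统钥匙串中的IP: $ip"
    if cert_passes_ssl_trust "$ip" /Library/Keychains/System.keychain; then
        log_success "系统钥匙串中证书已信任: $ip"
    else
        log_warning "系统钥匙串中证书未信任: $ip"
    fi
done
echo ""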

# Section 12: certificate management hints (printed only, nothing is executed)
printf '%s\n' "12. 系统证书管理建议"
log_highlight "系统证书管理操作:"
# Quoted delimiter: the text below is emitted literally, without expansion.
cat <<'EOF'

1. 查看所有系统证书:
   security find-certificate -a /Library/Keychains/System.keychain

2. 查看所有登录钥匙串证书:
   security find-certificate -a ~/Library/Keychains/login.keychain-db

3. 查看特定证书详情:
   security find-certificate -c "证书名称" /Library/Keychains/System.keychain

4. 删除系统证书:
   sudo security delete-certificate -c "证书名称" /Library/Keychains/System.keychain

5. 删除登录钥匙串证书:
   security delete-certificate -c "证书名称" ~/Library/Keychains/login.keychain-db

EOF

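# Section 13: summary of keychain locations and certificate counts
echo "13. 系统证书状态总结"
log_highlight "系统证书状态总结:"
echo ""
echo "系统钥匙串位置: /Library/Keychains/System.keychain"
echo "登录钥匙串位置: ~/Library/Keychains/login.keychain-db"
echo ""

# Count certificates by their `"alis"<blob>` attribute line.
# Matching the literal attribute (grep -F) instead of the substring "alis"
# avoids counting label/subject lines that merely contain those letters, and
# `grep -c` prints a bare number where `wc -l` output can carry padding.
SYSTEM_CERT_COUNT=$(security find-certificate -a /Library/Keychains/System.keychain | grep -c -F '"alis"<blob>')
LOGIN_CERT_COUNT=$(security find-certificate -a ~/Library/Keychains/login.keychain-db | grep -c -F '"alis"<blob>')

echo "系统钥匙串证书数量: $SYSTEM_CERT_COUNT"
echo "登录钥匙串证书数量: $LOGIN_CERT_COUNT"
echo ""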

# Per-IP summary: is a certificate named after the address present in the
# System keychain and in the login keychain? Lookup output is discarded.
printf '%s\n' "本地IP相关证书:"
for ip in $ALL_LOCAL_IPS; do
    if ! security find-certificate -c "$ip" /Library/Keychains/System.keychain &> /dev/null; then
        printf '%s\n' "  ❌ 系统钥匙串中未找到: $ip"
    else
        printf '%s\n' "  ✅ 系统钥匙串中找到: $ip"
    fi

    if ! security find-certificate -c "$ip" ~/Library/Keychains/login.keychain-db &> /dev/null; then
        printf '%s\n' "  ❌ 登录钥匙串中未找到: $ip"
    else
        printf '%s\n' "  ✅ 登录钥匙串中找到: $ip"
    fi
done
echo

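# Closing banner plus a cheat sheet of related `security` commands.
# These lines are printed only; none of the commands is executed here.
echo "=== 系统证书查看完成 ==="
echo ""
echo "常用命令:"
echo "- 查看所有系统证书: security find-certificate -a /Library/Keychains/System.keychain"
echo "- 查看所有登录钥匙串证书: security find-certificate -a ~/Library/Keychains/login.keychain-db"
echo "- 查看特定证书: security find-certificate -c \"证书名称\" /Library/Keychains/System.keychain"
echo "- 删除系统证书: sudo security delete-certificate -c \"证书名称\" /Library/Keychains/System.keychain"
echo "- 删除登录钥匙串证书: security delete-certificate -c \"证书名称\" ~/Library/Keychains/login.keychain-db"
echo "- 查看钥匙串列表: security list-keychains"
# security(1) has no `find-trust-settings` subcommand; `dump-trust-settings`
# lists trust settings (-d selects the admin domain instead of the user one).
echo "- 查看证书信任设置: security dump-trust-settings -d"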